Security Advisory

CVE-2008-0497

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-01-30 21:00:00

Last updated 2024-08-07 07:46:55

Assigner mitre

State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF.

← Browse all CVEs View on cve.org ↗